The last few years have certainly not been kind on cyberspace, with everything from financial hacks and hospitality sector breaches to the rise of malware, spyware, and ransomware attacks. Now, 2020 is a historical transition. The increase in attacks correlates directly with rising global tension, Covid-19, and the fact that the economy has switched to Work From Anywhere/Work From Home models. The number of people and businesses that are online along with their data and transactions is staggering at present. For attackers, this is a golden opportunity and an unprecedented playing field.
To usefully peer into the outlook on cybersecurity in 2021, and why cyberspace is in dire straits currently, it would be proper due diligence to start with an in-depth insight into the most ruthless cyberattacks of 2020.
Correlations in The Industry
To get a grasp on the situation, it is worth showing the correlation between the increase in the number of cyberattacks (which are increasing in sophistication) over time. In the graph below, the rising trend of global malware infections is presented. Malware is one of the major types of cyberattacks plaguing the internet.
Not only do the number of cyberattacks (such as malware attacks) increase over time, they will increase with how everything else advances in the tech industry; software development, internet speed, social media trends et al. Cyberattacks also correlate with world politics (such as geopolitical tensions and most of all, Covid19). Cybersecurity legislators will also have to keep up with all of the chaos by writing new laws. Another factor is global spending on cybersecurity, which is forecasted to skyrocket into the new year. According to ATT, cybercrime damage in 2021 is expected to rise to trillions of dollars annually which would be “the greatest transfer of economic wealth in history”. So, this is how cybercrime correlates in an alarming, upward trend with multiple factors.
It is safe to say that none of us really expected 2019 to be the year that would precede the pandemic. Following the outbreak of Covid-19 at that time in Wuhan, China, we have very suddenly entered into a totally new, unknown era in cybersecurity.
2020 has brought with it a slew of cybercrime, to name only a few events;
- Attacks on hospitals and medical research companies
- More sophisticated malware, phishing, and ransomware
- Large-scale global threats and ongoing breaches
What does all of this mean for the future? It is paramount to delve into the industry reports by FireEye and Microsoft, as well as other sources to understand the forecast for 2021.
Cybersecurity Threats for 2021
The forecast for the cybersecurity industry for the upcoming year is not looking too sunny. Although, solutions for emerging cybersecurity threats do exist and are being developed as we speak. Industry reports tell us that malicious digital entities, e.g. hackers, spies, black hats, and the like are going to be around. In fact, these ‘agents’ are actively working to disrupt and exploit what they can and will continue to exploit what they can for profit, control, and domination. Industry reports also state that the Tactics Techniques and Procedures (TTP) of ‘attack agents’ or ‘threat actors’ (hackers) will constantly evolve in 2021. Of course, for every yin there is a yang, so for every attacker, there is a defender. With this in mind, there are always important suggestions and solutions based on research, more on that below in the takeaways for 2021.
In light of the cybercrime events of 2020, we can look at a list of threats that are confirmed concerns for 2021. Based on information and trends compiled from both Microsoft’s and FireEye’s industry reports on defense and cybersecurity, attacks will fall under;
- Threats on personally identifiable information (PII)
- Threats on protected health information (PHI)
The motivation for these attacks can be; financial gain, espionage, and political gain. So, from the general categories we can expand into the following sub-categories;
- Attacks on hospitals
- Attacks on sectors developing/distributing the Covid-19 vaccine
- Attacks on telehealth
- Attacks on educational institutions
- Attacks on government institutions
- Attacks on NGOs
- Attacks on biotechnology companies
- Attacks on ML (machine learning) technology
The map below illustrates the biggest cybersecurity threats per sector in 2021.
The most anticipated types of attack vectors that the security and cyberintelligence sector anticipates in 2021 will be;
- Ransomware attacks (with higher amounts of ransom to be paid)
- Nation-state attacks (launched from North Korea, Iran, Russia, and China followed by South Asia and Vietnam)
- Spear-phishing attacks for espionage on U.S politics
- Imitation and impersonation of C-suite individuals (highest level executives)
- Credential theft via brand imitation
- Exploiting web apps and password spraying
- IP-theft operations
- Cloud-theft of credentials and hacking of cloud data
- DDoS attacks on the remote workforce
- Brute force remote desktop attacks
As Microsoft explained in their report, attackers are always looking to socially engineer ‘lures’ for their attacks, like targetting an anxious and vulnerable public in the time of the information flood during the pandemic. Because cybercrime is a business, and malicious entities are always looking for the best ROI (return on investment), it seems that the biggest threat in 2021 and beyond will be ransomware (with ransoms expected in the millions of dollars), followed by phishing.
Challenges for IoT in The Future
As the Internet of Things (IoT) becomes ever more popular, it deserves its own mention when it comes to cybersecurity in 2021, and beyond. According to industry report data, by 2022 there will be approximately 50 billion IoT devices connected worldwide. By using ‘honeypots’ to attract attackers, Microsoft found that there is an alarmingly increasing trend in attacks focused on IoT devices that are in our homes and around us. The mass majority of attacks have been based on abusing the ‘telnet‘ protocol. Some more findings include that future vulnerabilities on IoT devices (and IoT networks) are;
- Weak encryption
- Out-of-date software patches
- Vulnerable firmware
- Weak network security for IoT devices
- Lacking zero-trust strategies
- Handing over management to third-parties
Takeaways For The Future of Cybersecurity
So, to conclude the takeaways for 2021, let’s boil it down to some general cybersecurity best practices;
- Multi-factor authentication (MFA) should be implemented wherever possible
- Use VPNs with solid privacy policies
- Improve the safety of passwords or use other authentication methods
- Keep software up-to-date
- Modernize VPN systems
- Utilize change management programs to avoid misconfiguration issues
- Manage backups intelligently, onsite and offsite
- Maintain cloud security
- Implement network segmentation
- Secure IoT devices and corresponding networks
- Secure weak endpoints
- Implement a Zero Trust mindset
- Improve cybersecurity education and automate security
- Employ white-hatters to test vulnerability and secure the network
Have Yourselves a Safe 2021
Based on data and trend analysis from the research company Global Web Index (GWI), there are other angles to note for 2021 and beyond which pertain more to human factors. GWI has looked at a ‘worst case’ and ‘best case’ scenario for topics such as remote living, privacy, and possible trends in the future. Among them, there is a big red flag: the subject of mental health. With the uncertainty, displacement, anxiety, and general turmoil that the world is in, mental health is projected to be a very large issue in the upcoming year. Not only this, but the economy needs to look at ways to cut deficits, keep growing, and attracting consumers by adjusting marketing to an isolated world and investing in health, research, and security.
In times like this, we must maintain a good work-life balance, protect our privacy, and keep all those boxes ticked when it comes to staying secure online. Whether you are an individual or a large corporation, with these suggestions in mind we wish you a healthy, cyber-secure new year.